Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Arbitrary File Creation Authentication Bypass Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial-of-service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilitie Known Vulnerabilities Ldap Injection Malware Missing Update Privilege Escalation Remote Code Execution SSRF SSTI Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity TYPO3 Improper Input Validation Vulnerability (CVE-2019-11832) CVE-2019-11832 CWE-20 CWE-20 High TYPO3 Improper Input Validation Vulnerability (CVE-2020-15099) CVE-2020-15099 CWE-20 CWE-20 High TYPO3 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-19848) CVE-2019-19848 CWE-22 CWE-22 High TYPO3 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2010-3668) CVE-2010-3668 CWE-138 CWE-138 High TYPO3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-4855) CVE-2009-4855 CWE-138 CWE-138 High TYPO3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-3662) CVE-2010-3662 CWE-138 CWE-138 High TYPO3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-1842) CVE-2013-1842 CWE-138 CWE-138 High TYPO3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-19850) CVE-2019-19850 CWE-138 CWE-138 High TYPO3 Insufficient Session Expiration Vulnerability (CVE-2022-31050) CVE-2022-31050 CWE-613 CWE-613 High TYPO3 Other Vulnerability (CVE-2006-6690) CVE-2006-6690 High TYPO3 Other Vulnerability (CVE-2007-1081) CVE-2007-1081 High TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3714) CVE-2010-3714 CWE-264 CWE-264 High Typo3 Restler 1.7.0 Local File Disclosure CWE-22 CWE-22 High TYPO3 Uncontrolled Recursion Vulnerability (CVE-2021-21359) CVE-2021-21359 CWE-674 CWE-674 High TYPO3 Uncontrolled Recursion Vulnerability (CVE-2022-23500) CVE-2022-23500 CWE-674 CWE-674 High TYPO3 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2010-3663) CVE-2010-3663 CWE-434 CWE-434 High TYPO3 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-14251) CVE-2017-14251 CWE-434 CWE-434 High TYPO3 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2021-21357) CVE-2021-21357 CWE-434 CWE-434 High Ubiquiti Unifi Log4Shell RCE CVE-2021-44228 CWE-78 CWE-78 High Umbraco CMS local file inclusion CWE-98 CWE-98 High Umbraco CMS remote code execution CWE-94 CWE-94 High Umbraco CMS TemplateService remote code execution CVE-2013-4793 CWE-94 CWE-94 High Unauthenticated Arbitrary File Read vulnerability in VMware vCenter CWE-22 CWE-22 High Unauthenticated OGNL injection in Confluence Server and Data Center CVE-2021-26084 CWE-917 CWE-917 High Unauthenticated Remote Code Execution via JSONWS in Liferay 6.1 (LPS-88051) CWE-78 CWE-78 High Unauthenticated Remote Code Execution via JSONWS in Liferay 7.2.0 CE GA1 CVE-2020-0618 CVE-2020-7961 CWE-78 CWE-78 High Unauthenticated remote code execution vulnerability in Confluence Server and Data Center CVE-2022-26134 CWE-917 CWE-917 High Uncontrolled format string CWE-134 CWE-134 High Underscore.js Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-23358) CVE-2021-23358 CWE-94 CWE-94 High Undertow CVE-2022-1259 Vulnerability (CVE-2022-1259) CVE-2022-1259 High Undertow CVE-2023-3223 Vulnerability (CVE-2023-3223) CVE-2023-3223 High Undertow Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-3859) CVE-2021-3859 CWE-668 CWE-668 High Undertow Improper Input Validation Vulnerability (CVE-2020-1757) CVE-2020-1757 CWE-20 CWE-20 High Undertow Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2020-10705) CVE-2020-10705 CWE-119 CWE-119 High Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2017-12165) CVE-2017-12165 CWE-444 CWE-444 High Undertow Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2017-2670) CVE-2017-2670 CWE-835 CWE-835 High Undertow Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2023-1108) CVE-2023-1108 CWE-835 CWE-835 High Undertow Missing Authorization Vulnerability (CVE-2019-10184) CVE-2019-10184 CWE-862 CWE-862 High Undertow Unchecked Return Value Vulnerability (CVE-2022-1319) CVE-2022-1319 CWE-252 CWE-252 High Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2019-14888) CVE-2019-14888 CWE-400 CWE-400 High Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2019-19343) CVE-2019-19343 CWE-400 CWE-400 High Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2021-3629) CVE-2021-3629 CWE-400 CWE-400 High Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2021-3690) CVE-2021-3690 CWE-400 CWE-400 High Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2022-2053) CVE-2022-2053 CWE-400 CWE-400 High Unprotected phpMyAdmin interface CWE-205 CWE-205 High Unrestricted access to Caddy API interface CWE-200 CWE-200 High Unrestricted access to Haproxy Data Plane API CWE-200 CWE-200 High Unrestricted access to Kong Gateway API CWE-200 CWE-200 High Unrestricted access to NGINX+ API interface (read write) CWE-200 CWE-200 High Unrestricted access to Odoo DB manager CWE-200 CWE-200 High Unrestricted file upload vulnerability in ofc_upload_image.php CVE-2009-4140 CWE-434 CWE-434 High Unsafe use of Reflection CWE-470 CWE-470 High Uploadify arbitrary file upload CWE-434 CWE-434 High User controllable script source CWE-79 CWE-79 High uWSGI Path Traversal vulnerability CVE-2018-7490 CWE-22 CWE-22 High uWSGI Unauthorized Access Vulnerability CWE-78 CWE-78 High Vanilla Forums Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-1000432) CVE-2017-1000432 CWE-352 CWE-352 High Vanilla Forums CVE-2013-3528 Vulnerability (CVE-2013-3528) CVE-2013-3528 High Vanilla Forums Deserialization of Untrusted Data Vulnerability (CVE-2018-19499) CVE-2018-19499 CWE-502 CWE-502 High Vanilla Forums Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3613) CVE-2011-3613 CWE-200 CWE-200 High Vanilla Forums Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-10073) CVE-2016-10073 CWE-200 CWE-200 High Vanilla Forums Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-3527) CVE-2013-3527 CWE-138 CWE-138 High Varnish Cache Integer Overflow or Wraparound Vulnerability (CVE-2017-12425) CVE-2017-12425 CWE-190 CWE-190 High Varnish Cache Other Vulnerability (CVE-2013-4090) CVE-2013-4090 High Varnish Cache Other Vulnerability (CVE-2015-8852) CVE-2015-8852 High Varnish Cache Reachable Assertion Vulnerability (CVE-2019-15892) CVE-2019-15892 CWE-617 CWE-617 High vBSEO 3.6.0 PHP code injection CVE-2012-5223 CWE-94 CWE-94 High vBulletin 4 (up to 4.1.2) search.php SQL injection CWE-89 CWE-89 High vBulletin 5 CONNECT remote code execution CWE-94 CWE-94 High vBulletin 5.1.2 SQL injection CVE-2014-5102 CWE-89 CWE-89 High vBulletin 5.6.1 nodeId SQL injection CVE-2020-12720 CWE-94 CWE-94 High vBulletin 5.x 0day pre-auth RCE CWE-94 CWE-94 High vBulletin customer number disclosure CVE-2013-6129 CWE-264 CWE-264 High vBulletin PHP object injection vulnerability CWE-915 CWE-915 High vBulletin Pre-Auth RCE Vulnerability CVE-2020-17496 CWE-94 CWE-94 High 1...47484950...165 48 / 165
